last person joined: 17 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all error with Cisco WLC - CLEARPASS

This thread has been viewed 0 times
  • 1. error with Cisco WLC - CLEARPASS

    Posted Aug 06, 2019 04:08 PM


    Recently I try to configure a cisco virtual cisco WLC with clearpass. So I have created a guest SSID and when a client connects to it  he is successfully redirected  to clearpass slef signed portal. There the user can self register himself and he recieves the reciept from clearpass. When I press the "Login" botton to continue further then I receive in the browser the address and I cannot continue. In addition I cannot see any radius messages from access tracker to arrive at the clearpass.


    The problem is not for sure in the radius configuration of the cisco wlc because I have another wlan connection "corporate ssid", where I use 802.1.x for authentication and I recieve radius messages.


    In the self registration captive portal I have configured the following fields

    Vendor Setting=Cisco systems

    Login Method= Controler Initiated

    IP address=  ( the virtual interface of controller. Also I have verified the webauth certificate of WLC has CN=

    Pre-Auth Check=none- no extra checks will be made


    Also I tried the same configuration by using FQDN i.e because, by using DNS Host Name, Changing the webauth certificate to have, create a dns entry for> Again I had the same result.


    Has anyone met this problem?I have a couple of days and I cannot understand why this happens.


  • 2.  RE: error with Cisco WLC - CLEARPASS

    Posted Aug 06, 2019 04:40 PM

    Are you running server initiated (depending on IOS version you cannot use controller initiated) and did you verify they you are using the correct port for COA?


    Screen Shot 2019-08-06 at 3.34.31 PM.png

  • 3.  RE: error with Cisco WLC - CLEARPASS

    Posted Aug 06, 2019 05:25 PM
    I am running controler initiated because i do not use ios switch but cisco wireless controller. Should it be "server initiated"?

    From the radius configuration of cisco wireless controller i have enabled the CoA. It should be the default port..i can check it and get back to you.

  • 4.  RE: error with Cisco WLC - CLEARPASS

    Posted Aug 08, 2019 12:55 AM
    So about the port of CoA. Cisco wireless controller uses udp 1700. I tried to coa manually and i succeeded.

    Initially i wanted to create a guest portal with the clearpass service "guest with mac caching". This has as a requirement to use controler initiated and the wireless controller communicates with clearpass with radius.

    I tried your way (server initiated) which i had implemented for wired web auth and actually i received radius messages. Good news but because clearpass extracts the credentials and sends them to itself i need a webauth, coa and later to match a mac authentication service. The CoA could not be succeded when i tried to run it through a service. I tried cisco reauthenticate session.

    Anybody could help?